Android foreign-literature translation: The Design and Implementation of Android File Access Control System

2,200 words; 12,000 English characters; 3,850 Chinese characters

Source: Wen Q, Huang L. The Design and Implementation of Android File Access Control System[C]// Second International Conference on Business Computing and Global Informatization. IEEE, 2012: 766-769.

The Design and Implementation of Android File Access Control System

Q Wen, L Huang

Abstract:

Android is a popular operating system on mobile devices, and people care very much about its security. Based on an analysis of the defects in the Android security mechanism, this paper proposes the design and implementation of an Android File Access Control System that applies authorization and authentication to file operations in order to protect sensitive files. The simulation results indicate that the Android File Access Control System achieves the goal of file access

Keywords: Android; access control; Linux kernel; virtual file system

I. INTRODUCTION

Mobile devices are becoming more and more popular with the coming of the information age. Android is a software stack for mobile devices that includes an operating system, middleware and key applications. In particular, Android relies on Linux version 2.6 for core system services. With the growing number of users, the security issues of Android have come into focus. As a result, the study of Android file access control is significant.

A. Android Security Mechanism and Defect

Relying on the Linux kernel, Android is a privilege-separated operating system, in which each application gets a sandbox with a distinct system identity (Linux user ID and group ID) at install time. Any data stored by an application is assigned that application's user ID and is not normally accessible to other applications.

Additional security features are provided through a permission mechanism. No application, by default, has permission to perform any operation that would adversely impact other applications, the operating system, or the user. Applications must statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed.

There are defects in the Android security mechanism. Android has a super user who has permission to operate the whole system, and the sandbox of an application becomes ineffective once that application is assigned the super user ID. Additionally, the permission mechanism is coarse-grained and sometimes cannot meet the demands of security control.

B. Goals

Recently, many viruses have threatened the Android system by accessing sensitive files. This paper aims at designing and implementing an Android File Access Control System, in order to offset the defects in the Android security mechanism and prevent sensitive files from being damaged.

II. DESIGN OF ANDROID FILE ACCESS CONTROL SYSTEM

A. Access Control Model

Access control is the traditional center of gravity of computer security. Its function is to control which principals (persons, processes, and machines) have access to which resources in the system. An access control system is generally made of three key components: subject, object and security policy.

A subject is an actor that requests access to an object.

An object is a passive entity being accessed.

A security policy controls how subjects and objects communicate and interact with each other.

To enforce the rules and objectives of an established security policy, access control models are created. There are three primary models: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). The DAC model allows the owners of objects to control who accesses them and what operations can be performed on the objects. The MAC model, however, does not leave decisions up to the data owner; instead, the system compares the subjects’ clearances and need-to-know to th

Relying on the Linux kernel, Android has already inherited the DAC mechanism from Linux, and RBAC is not a suitable solution on a mobile platform. Consequently, achieving MAC on the Android system is a reasonable and effective solution.

B. System Architecture

The architecture of the Android File Access Control System is shown in Fig. 1. It includes the policy obtainment module, access control module, kernel communication module, policy management module and policy file. We develop them separately in the user space and the kernel space. In particular, the policy obtainment module and the access control module are inserted into the virtual file system (VFS), because the VFS is an abstraction layer in the Linux kernel on top of the concrete file systems, it can manage

1) Policy Obtainment Module: When an application requests to operate on a file, the policy obtainment module captures the request and calls the kernel communication module to get the authorization information that matches the file being operated on.

2) Access Control Module: After the policy obtainment module gets the authorization information, the access control module is responsible for authentication, comparing the requested operation with the authorization information. It allows or refuses the file access according to whether the file operation is legal.

3) Kernel Communication Module: We consider the kernel communication module a bridge between the kernel space and the user space. It exchanges messages with the policy management module and receives the policy information from the user space.

4) Policy Management Module: The policy management module runs as a service in the user space and listens continuously for messages from the kernel. As soon as it receives a message from the kernel, it analyzes the policy file to find the corresponding security rules, then sends the policy information back to the kernel.

5) Policy File: Its function is to store the security policy for file access control.

C. Design of Policy File

The Android File Access Control System rules that every file is accessible by default. The policy file is established on the basis of the MAC model. We choose the Extensible Markup Language (XML) as the format of the policy file. XML is a simple and flexible text format which plays an important role in the storage and exchange of data. XML has a tree structure, and every tree node is called an element, which includes attributes and text content.

Figure 1. Architecture of Android File Access Control System.

1) Policy File Structure: The structure of the policy file is shown in Fig. 2. There are three key elements as the children of the root element, described as follows.

The “resources” element stores the sets of files that share the same security rules.

The “rules” element presents a series of security rules, including the names and rights of the processes.

The “controls” element keeps the combination information between the files and the rules; the policy file is therefore well extensible, because files and rules are combined dynamically.

The policy file supports five kinds of permissions: CREATE, READ, READWRITE, DELETE and DENY. As a child element of “rules”, the element named “rule” describes which processes can perform the above operations. Additionally, the “global” element presents the permissions of the processes that are not mentioned in the current “rule” element. The other elements are described in Tab. I.

2) Security Storage of Policy File: The policy file plays an important role in the Android File Access Control System; it contains all the security rules in the system. The Android system will be seriously threatened once the policy file is maliciously modified. To protect the policy file, the only way to modify it is through the policy management module. Moreover, the policy file is encrypted according to the XML Encryption standard. XML Encryption is a specification that defines a process for encrypting data an

Figure 2. Policy File Structure

TABLE I. ELEMENT INSTRUCTION OF POLICY FILE

III. IMPLEMENTATION OF ANDROID FILE ACCESS CONTROL SYSTEM

A. Data Structure

1) Subject Information: Keeps the authorization information for a specific file, shown as follows.

    struct subject_task_authorization_info {
        char task_name[MAX_NAME_SIZE];                  /* name of the process */
        unsigned int operation;                         /* CREATE, READ, READWRITE, DELETE or DENY */
        struct subject_task_authorization_info *next;   /* next entry for the same file */
    };

task_name: the name of the process.

operation: the authority of the process, taking one of the values CREATE, READ, READWRITE, DELETE and DENY.

next: a pointer to the same structure type; this field links the authorization information for the same file into a linked list.

2) Object Information: Describes the object file being operated on, shown as follows.

    struct object_access_control {
        struct inode *i_node;                                /* file being operated on */
        struct task_struct *task;                            /* process requesting access */
        struct subject_task_authorization_info *task_auth;   /* head of the authorization list */
    };

i_node: a pointer to the built-in “inode” object in the VFS, which stores all the information about the file currently being operated on.

task: a pointer to the built-in “task_struct” object in the VFS, which contains the information needed to manage a process.

task_auth: the pointer to the head of the linked list which keeps all the auth

B. Access Control Interface

1) Policy Obtainment Interface: Located in the policy obtainment module, the definition of the interface is

    int get_authorization_info(char *filename, struct subject_task_authorization_info *auth_info)

This interface calls the kernel communication module to get the rules for the file currently being operated on, then assigns them to the parameter “auth_info”. It returns 0 if the security rules are obtained successfully, otherwise it returns -1.

2) Access Authentication Interface: Located in the access control module, the definition of the interface is

    int do_authentication(unsigned int operation, struct object_access_control *access_control)

This interface gets the process name and the authorization list through the input parameter “access_control”, and checks whether the process has the authority to perform the current operation. If the operation is legal, it returns 0, otherwise it returns -1.

C. Communication between Kernel Space and User Space

In order to exchange messages between the kernel space and the user space, Netlink is used in the kernel communication module and the policy management module. Netlink is a socket-like mechanism designed for transferring information between the kernel space and the user space.

In the kernel communication module, the kernel API “netlink_kernel_create()” is used to create the Netlink socket and “netlink_unicast()” is called to transfer messages. In the user space, the policy management module uses the standard socket APIs such as socket(), send() and recv() to communicate with the kernel.

D. Policy Analysis Interface

Located in the policy management module, the interface named “analyze_policy()” is used to analyze the policy file. First, it decrypts the policy file according to the XML Encryption standard using the function “xmlSecEncCtxDecrypt()” provided by the open source library “XML Security”. Then, the authorization list corresponding to the file currently being operated on is generated by traversing the plain text.

E. Integration with the Virtual File System

1) Data Structure Modification: The VFS is object-oriented. A family of data structures represents the common file model. Among them, the “inode” object is closely connected with files. As a result, we add the structure “object_access_control” to it in order to integrate file access control into the VFS, as shown in Fig. 3.

2) System Call Modification: When an application accesses a file, the internal method “do_sys_open()” in the VFS is invoked by the system call “open()”. To insert the policy obtainment module and the access control module into the VFS, the method “do_sys_open()” is modified, as shown in Fig. 4.

Figure 3. Relevance of Data Structure

Figure 4. Execution Process of do_sys_open()
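The decision that do_authentication() makes in III.B, at the point where III.E hooks it into do_sys_open(), sketched as a user-space C program. This is an added example, not code from the paper: the FAC_* bit values, the "*" name standing for the policy's “global” entry, the deny-when-unlisted fallback and the sample process names are assumptions, and the kernel inode and task_struct pointers are replaced by a plain name string.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_SIZE 64
#define FAC_GLOBAL "*"  /* hypothetical task_name for the policy's "global" entry */

/* Assumed bit encoding; the paper names the permissions but gives no values.
 * FAC_WRITE exists only as a request bit (the policy grants it via READWRITE). */
enum {
    FAC_CREATE = 0x01, FAC_READ = 0x02, FAC_WRITE = 0x04, FAC_DELETE = 0x08,
    FAC_READWRITE = FAC_READ | FAC_WRITE, FAC_DENY = 0x10
};

struct subject_task_authorization_info {
    char task_name[MAX_NAME_SIZE];
    unsigned int operation;
    struct subject_task_authorization_info *next;
};

/* Simplified: the kernel inode and task_struct pointers become a name string. */
struct object_access_control {
    const char *task_name;
    struct subject_task_authorization_info *task_auth;
};

/* Returns 0 if the operation is legal, -1 otherwise (the paper's convention). */
int do_authentication(unsigned int operation,
                      const struct object_access_control *ac)
{
    const struct subject_task_authorization_info *e;
    unsigned int named = 0, global = 0, granted;
    int has_named = 0, has_global = 0;
    if (ac->task_auth == NULL) return 0;  /* file not in policy: default allow */
    for (e = ac->task_auth; e != NULL; e = e->next) {
        if (strcmp(e->task_name, ac->task_name) == 0) {
            named |= e->operation; has_named = 1;
        } else if (strcmp(e->task_name, FAC_GLOBAL) == 0) {
            global |= e->operation; has_global = 1;
        }
    }
    /* A rule naming the process wins over "global"; with neither, fail closed
     * (assumption: the paper does not say what happens in that case). */
    granted = has_named ? named : (has_global ? global : FAC_DENY);
    return ((granted & FAC_DENY) || (operation & ~granted)) ? -1 : 0;
}

/* Constructed sample policy for one protected file. */
static struct subject_task_authorization_info r_global = { "*", FAC_READ, NULL };
static struct subject_task_authorization_info r_bad = { "untrusted", FAC_DENY, &r_global };
static struct subject_task_authorization_info r_owner =
    { "com.example.vault", FAC_READWRITE | FAC_DELETE, &r_bad };

int check(const char *task, unsigned int op, int in_policy)
{
    struct object_access_control ac = { task, in_policy ? &r_owner : NULL };
    return do_authentication(op, &ac);
}

int main(void)
{
    printf("owner write: %d\n", check("com.example.vault", FAC_WRITE, 1));
    printf("untrusted read: %d\n", check("untrusted", FAC_READ, 1));
    return 0;
}
```

An explicit DENY entry overrides any other grant for the same process, and a request is legal only if every requested bit is covered, so a READ-only rule never satisfies a write.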

IV. SIMULATION TEST

A. Simulation Environment

As a test tool, the Android emulator is installed on Ubuntu 11.10. We replace the kernel image file with a new one that has been modified for file access control. After the emulator is launched, we load the kernel communication module and run the policy management module as a service in the user space. The policy file is prepared in advance.

B. Simulation Results

1) Policy File Operation: The results of operating on the policy file are shown in Tab. II.

2) File Access: We use different processes to perform all kinds of operations (create, read, write and delete) on the files.

For files that are not mentioned in the policy file, all processes are allowed access.

For files covered by rules in the policy file, the test results are shown in Tab. III.

TABLE II. TEST OF POLICY FILE OPERATION

TABLE III. TEST OF FILE ACCESS CONTROL

V. CONCLUSION

To prevent sensitive files from being damaged on Android, this paper presents an Android File Access Control System and describes its design and implementation. To offset the defects in the Android security mechanism, the design is based on the MAC model. The architecture and the key modules are specified, and the system is implemented both by modifying the Android kernel and by developing an application in the user space. Finally, the simulation test is run in the Android emulator, and the results show that t

Design and Implementation of an Android File Access Control System

Q Wen, L Huang

Abstract: Android is a popular operating system on mobile devices, and people pay close attention to Android security issues. Based on an analysis of the defects in the Android security mechanism, this paper proposes an Android File Access Control System that provides authentication and authorization for file operations in order to protect sensitive files. Simulation results show that the Android File Access Control System achieves the goal of file access control on Android.

Keywords: Android; access control; Linux kernel; virtual file system

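I. INTRODUCTION

With the arrival of the information age, mobile devices are becoming more and more popular. Android is a software stack for mobile devices that includes an operating system, middleware and key applications. In particular, Android relies on Linux version 2.6 for its core system services. As the number of users grows, Android security issues are receiving more attention. The study of Android file access control is therefore essential.

A. Android's Security Mechanism and Its Defects

Built on the Linux kernel, Android is a privilege-separated operating system in which each application, at install time, creates a sandbox with a distinct system identity (a Linux user ID and group ID). Any data stored by an application is tagged with that application's user ID, so that it is not normally accessible to other applications.

Additional security features are provided through a permission mechanism. By default, no application has permission to perform operations on other applications or the system that could have an adverse effect. Applications must statically declare the permissions they need, and when an application is installed the Android system displays the requested permissions and obtains the user's consent. The Android security mechanism has defects. Android has a super user with permission to use the entire system, and once an application is assigned the super user ID its sandbox becomes ineffective. In addition, the permission mechanism sometimes cannot meet the requirements of security control because of its excessive demands.

B. Goals

Recently, many viruses have threatened the Android system through access to sensitive files. The aim of this paper is to design and implement an Android File Access Control System that compensates for the defects in the Android security mechanism and prevents sensitive files from being damaged.

II. DESIGN OF THE ANDROID FILE ACCESS CONTROL SYSTEM

A. Access Control Model

Access control is the top priority of computer security. Its function is to control which resources in the system the principals (people, processes and machines) can access. An access control system generally consists of three main parts: subject, object and security policy.

A subject is the entity that requests access. An object is the passive entity being accessed. A security policy is the set of rules that controls how subjects and objects communicate and interact.

Access control models are created to enforce the rules and objectives of an established security policy. There are three main models: discretionary access control (DAC), mandatory access control (MAC) and role-based access control (RBAC). The DAC model lets the owner of an object control who accesses it and what operations can be performed on it. The MAC model, by contrast, does not leave the decision to the data owner; instead, the system compares the accessor's clearance and need-to-know with the classification of the object being accessed in order to deny or grant access. The RBAC model grants access according to assigned roles or groups rather than the permissions of individual users.

Built on the Linux kernel, Android has already inherited the DAC mechanism from Linux, and RBAC is not a suitable solution on a mobile platform. Implementing MAC in the Android system is therefore a reasonable and effective solution.

B. System Architecture

The structure of the Android File Access Control System is shown in Figure 1. It comprises the policy obtainment module, the access control module, the kernel communication module, the policy management module and the policy file. We develop them separately in user space and kernel space. In particular, the policy obtainment module and the access control module are added to the virtual file system (VFS), because the VFS is an abstraction layer in the Linux kernel that sits on top of the file systems and can manage all system calls that operate on files.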

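1) Policy obtainment module: When an application requests an operation on a file, the policy obtainment module captures the request and calls the kernel communication module to obtain the authorization information that matches the file being operated on.

2) Access control module: After the policy obtainment module has obtained the authorization information, the access control module is responsible for comparing the operation with the authorization information and performing authentication. It allows or denies access to the file according to whether the file operation is legal.

3) Kernel communication module: We regard the kernel communication module as a bridge between kernel space and user space. It exchanges messages with the policy management module and obtains policy information from user space.

4) Policy management module: The policy management module is a service that runs in user space and listens to the kernel. As soon as it receives a message from the kernel, it analyzes the policy file, finds the corresponding security policy, and returns the policy information to the kernel.

5) Policy file: Its function is to store the security policy for file access control.

C. Design of the Policy File

The rule of the Android File Access Control System is that every file is accessible by default. The policy file is built on the MAC model. We chose the Extensible Markup Language (XML) as the format of the policy file. XML is a simple and flexible text format that plays an important role in storing and exchanging data. XML has a tree structure, and every node contains attributes and text content.

Figure 1. Architecture of the Android File Access Control System

1) Policy file structure: The structure of the policy file is shown in Figure 2. The root element has the following three key child elements:

The “resources” element stores the sets of files that share the same security policy.

The “rules” element presents a series of security rules, including the names and rights of processes.

The “controls” element holds the combination information between the file sets and the rule sets; by combining file sets and rule sets dynamically, the policy file is highly extensible.

The policy file supports five types of permission: create, read, read-write, delete and deny. As a child of the “rules” element, the element named “rule” describes which processes can perform these operations. In addition, the “global” element gives the permissions of processes that are not described in the current “rule” element. The other element tags are explained in Table I.

2) Secure storage of the policy file: The policy file plays an important role in the Android File Access Control System; it contains all the security rules in the system. Once the policy file is maliciously modified, the security of the Android system is seriously threatened. To protect the policy file, the only way to modify it must be through the policy management module. In addition, the policy file is encrypted according to the XML Encryption standard. XML Encryption is a specification that defines a process for encrypting data and representing the result in XML. The resulting XML element has three parts: the ciphertext, the key information and the algorithm. There are three modes for encrypting an XML document: encrypting an XML element, encrypting the content of an XML element, and encrypting the whole XML document. To protect the policy file completely, encrypting the whole XML document is the best choice. For the encryption algorithm, based on the comparison of common encryption algorithms given in the references, we chose the Triple DES algorithm to provide secure encryption.

Figure 2. Policy file structure

Table I. Element structure of the policy file

III. IMPLEMENTATION OF THE ANDROID FILE ACCESS CONTROL SYSTEM

A. Data Structures

1) Subject information: holds the authorization information for a specific file, as follows:

    struct subject_task_authorization_info {
        char task_name[MAX_NAME_SIZE];                  /* name of the process */
        unsigned int operation;                         /* CREATE, READ, READWRITE, DELETE or DENY */
        struct subject_task_authorization_info *next;   /* next entry for the same file */
    };

task_name: the name of the process.

operation: the authorization of the process, taking its value from CREATE, READ, READWRITE, DELETE or DENY.

next: a pointer to the same structure type; through this field a linked list of authorization information can be built for the same file.

2) Object information: describes the file that is the object of the operation, as follows:

    struct object_access_control {
        struct inode *i_node;                                /* file being operated on */
        struct task_struct *task;                            /* process requesting access */
        struct subject_task_authorization_info *task_auth;   /* head of the authorization list */
    };

i_node: a pointer to the built-in “inode” in the VFS, which stores all the information about the file currently being operated on.

task: a pointer to the built-in “task_struct” in the VFS, which contains the information needed to manage a process.

task_auth: a pointer to the head node of the authorization information linked list.

B. Access Control Interface

1) Policy obtainment interface: located in the policy obtainment module, the interface is defined as follows:

    int get_authorization_info(char *filename, struct subject_task_authorization_info *auth_info)

This interface calls the kernel communication module to obtain the rules for the file currently being operated on, then assigns them to the parameter “auth_info”. It returns 0 if the security rules are obtained successfully, otherwise it returns -1.

2) Access authentication interface: located in the access control module, the interface is defined as follows:

    int do_authentication(unsigned int operation, struct object_access_control *access_control)

This interface obtains the process name and the authorization list through the input parameter “access_control” and checks whether the process is authorized to perform the current operation. If the operation is legal it returns 0, otherwise it returns -1.

C. Communication between Kernel Space and User Space

Netlink is used in the kernel communication module and the policy management module to exchange messages between kernel space and user space. Netlink is a socket-like mechanism designed to transfer information between kernel space and user space.

In the kernel communication module, the special kernel interface “netlink_kernel_create()” is used to create the Netlink socket, and “netlink_unicast()” is used to transfer messages. In user space, the policy management module communicates with the kernel through standard socket interfaces such as socket(), send() and recv().

D. Policy Analysis Interface

The policy management module contains an interface named “analyze_policy()” that is used to analyze the policy file. First, it decrypts the policy file according to the XML Encryption standard, using the function “xmlSecEncCtxDecrypt()” provided by the open source library “XML Security”. Then, by traversing the plaintext, it generates the authorization list that corresponds to the file being operated on.

E. Integration with the Virtual File System

1) Data structure modification: The VFS is object-oriented. A family of data structures represents the common file model. Among them, the “inode” object is closely tied to files. We therefore add the structure “object_access_control” to it in order to integrate file access control into the VFS, as shown in Figure 3.

2) System call modification: When an application accesses a file, the internal VFS method “do_sys_open()” is invoked by the system call “open()”. To insert the policy obtainment module and the access control module into the VFS, the method “do_sys_open()” is modified, as shown in Figure 4.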

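Figure 3. Related data structures

Figure 4. Execution process of do_sys_open()

IV. SIMULATION TEST

A. Simulation Environment

The Android emulator installed on Ubuntu 11.10 serves as the test tool. We replaced the kernel image file with a new one modified for file access control. After the emulator starts, we load the kernel communication module, and the policy management module then runs as a service in user space. Meanwhile, the policy file has already been prepared.

B. Simulation Results

1) Policy file operation: The results of operating on the policy file are shown in Table II.

2) File access: We used different processes to perform all kinds of operations (create, read, write and delete) on files.

For files that are not mentioned in the policy file, all processes are allowed access. For files that are in the policy file, the test results are shown in Table III.

Table II. Test of policy file operations

Table III. Test of file access control

V. CONCLUSION

To prevent sensitive files on Android from being damaged, this paper proposes an Android File Access Control System and carries out its design and implementation. To compensate for the defects in the Android security mechanism, the design is based on the MAC model. Its architecture and key modules are a dedicated design, realized by modifying the Android kernel and developing an application that runs in user space. Finally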
